Advertisement

Evaluation of an OI (Operation Interruption) Protocol to Prevent Illegal Information Flow in the IoT

  • Shigenari NakamuraEmail author
  • Tomoya Enokido
  • Makoto Takizawa
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 1036)

Abstract

Various types and millions of nodes including not only computers like servers but also devices like sensors and actuators are interconnected in the IoT (Internet of Things). Here, devices have to be prevented from maliciously accessed. The CapBAC (Capability-Based Access Control) model is proposed to make IoT devices secure. In the CapBAC model, an owner of a device issues a capability token, i.e. a set of access rights to a subject. Here, the subject is allowed to manipulate the device according to the access rights authorized in the capability token. Suppose a subject \(sb_i\) is allowed to get data from a device \(d_2\) but not allowed to get data from a device \(d_1\). If another subject can get data from the device \(d_1\) and sends the data to the device \(d_2\), the subject \(sb_i\) can get the data of the device \(d_1\) from the device \(d_2\). Here, the data in the device \(d_1\) illegally flows to the subject \(sb_i\). In order to prevent illegal information flow, an OI (Operation Interruption) protocol is proposed in our previous studies. Here, illegal get operations are interrupted. In this paper, we evaluate the OI protocol in terms of the number of illegal get operations. In the evaluation, we show the ratio of the number of illegal get operations to the total number of get operations is kept constant even if the number of subjects increases in the OI protocol.

Keywords

IoT (Internet of Things) Device security CapBAC (Capability-Based Access Control) model Illegal information flow Information flow control OI (Operation Interruption) protocol 

Notes

Acknowledgements

This work was supported by Japan Society for the Promotion of Science (JSPS) KAKENHI Grant Number JP17J00106.

References

  1. 1.
    Denning, D.E.R.: Cryptography and Data Security. Addison Wesley, Boston (1982)zbMATHGoogle Scholar
  2. 2.
    Fernandez, E.B., Summers, R.C., Wood, C.: Database Security and Integrity. Adison Wesley, Boston (1980)Google Scholar
  3. 3.
    Gusmeroli, S., Piccione, S., Rotondi, D.: A capability-based security approach to manage access control in the internet of things. Math. Comput. Model. 58(5–6), 1189–1205 (2013)CrossRefGoogle Scholar
  4. 4.
    Hernández-Ramos, J.L., Jara, A.J., Marín, L., Skarmeta, A.F.: Distributed capability-based access control for the internet of things. J. Internet Serv. Inf. Secur. 3(3/4), 1–16 (2013)Google Scholar
  5. 5.
    Nakamura, S., Duolikun, D., Enokido, T., Takizawa, M.: A flexible read-write abortion protocol to prevent illegal information flow among objects. J. Mob. Multimed. 11(3&4), 263–280 (2015)Google Scholar
  6. 6.
    Nakamura, S., Duolikun, D., Enokido, T., Takizawa, M.: A write abortion-based protocol in role-based access control systems. Int. J. Adapt. Innov. Syst. 2(2), 142–160 (2015)CrossRefGoogle Scholar
  7. 7.
    Nakamura, S., Duolikun, D., Enokido, T., Takizawa, M.: A read-write abortion protocol to prevent illegal information flow in role-based access control systems. Int. J. Space Based Situated Comput. 6(1), 43–53 (2016)CrossRefGoogle Scholar
  8. 8.
    Nakamura, S., Enokido, T., Barolli, L., Takizawa, M.: Capability-based information flow control model in the IoT. In: Proceedings of the 13th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, pp. 63–71 (2019)Google Scholar
  9. 9.
    Nakamura, S., Enokido, T., Takizawa, M.: Information flow control in object-based peer-to-peer publish/subscribe systems. Concurrency and Computation: Practice and Experience (accepted)Google Scholar
  10. 10.
    Nakamura, S., Enokido, T., Takizawa, M.: Causally ordering delivery of event messages in P2 PPSO systems. Cogn. Syst. Res. 56, 167–178 (2019)CrossRefGoogle Scholar
  11. 11.
    Nakamura, S., Ogiela, L., Enokido, T., Takizawa, M.: An information flow control model in a topic-based publish/subscribe system. J. High Speed Netw. 24(3), 243–257 (2018)CrossRefGoogle Scholar
  12. 12.
    Ogiela, L.: Intelligent techniques for secure financial management in cloud computing. Electron. Commer. Res. Appl. 14(6), 456–464 (2015)CrossRefGoogle Scholar
  13. 13.
    Ogiela, M.R., Ogiela, L.: On using cognitive models in cryptography. In: Proceedings of IEEE the 30th International Conference on Advanced Information Networking and Applications (AINA 2016), pp. 1055–1058 (2016)Google Scholar
  14. 14.
    Sandhu, R.S.: Lattice-based access control models. IEEE Comput. 26(11), 9–19 (1993)CrossRefGoogle Scholar
  15. 15.
    Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-based access control models. IEEE Comput. 29(2), 38–47 (1996)CrossRefGoogle Scholar
  16. 16.
    Yuan, E., Tong, J.: Attributed based access control (ABAC) for web services. In: Proceedings of the IEEE International Conference on Web Services (ICWS 2005) (2005)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  • Shigenari Nakamura
    • 1
    Email author
  • Tomoya Enokido
    • 2
  • Makoto Takizawa
    • 1
  1. 1.Hosei UniversityTokyoJapan
  2. 2.Rissho UniversityTokyoJapan

Personalised recommendations